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- 77?e MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under tie provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any repty received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent temi adjustment. See 37 CFR 1 .704(b). 

Status 

1 )H Responsive to communlcation(s) filed on 3/31/1999 . 
2a)S This action Is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal nnatters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) S Claim{s) 1-19 is/are pending in the application. 

4a) Of the above claim(s) 8.9 and 17-19 is/are withdrawn from consideration. 

5) n Clalm{s) is/are allowed. 

6) S Claim{s) 1-7 and 10-16 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) 0 The drawingCs) filed on is/are: a)n accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

11) S The proposed drawing correction filed on 24 January 2003 is: a)S approved b)n disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) 0 The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 119 and 120 

13) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a)nAII b)n Some*c)n None of: 

1 . □ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 11 9(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attachment(s) 

1 ) S Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) Paper No(s). . 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) □ Notice of Infonmal Patent Application (PTO-152) 

3) □ Infonmation Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) □ Other: 
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DETAILED ACTION 
Claim Rejections - 35 USC §103 
1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not Identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-7, 10-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Nielsen (US 6,006,333) and further in view of Pond et al (US 4,864,616) and Schneier. 

As per claims 10, 11, Nielsen discloses a data processing system (i.e. client 
system 10, see figure IB) capable of protecting the security of a cookie (i.e. user ID and 
password, see figure 2) stored vdthin said data processing system. The data processing 
system comprising: 

a) means for utilizing the master password as the encryption key to encrypt said 
cookie (i.e. user ID and password). 

b) a non-protected storage device (i.e. fixed disk 34,see figure 1 A) for storing 
encrypted user ID and password database [see column 3 lines 61-67]. 

c) means for utilizing the master password as a key to decrypt the cookie (i.e. 
needed password and user ID) based on a request for authentication is received [see 
column 4 lines 1-8]. 

d) means for sending decrypted cookie (i.e. user ID and password) to the web 
browser [see column 4 lines 43-61]. 
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Nielsen does not expressly disclose a protected storage device for storing an 
encryption key pair. 

Pond discloses the secure memory of the PC's memory (i.e. a protected storage 
device) for storing MID key and PID key (i.e. an encryption key pair, see column 3 lines 
19-35 and figure 1]. Pond discloses the data ciphering processor (i.e. 
encryption/decryption means) is using key streams corresponding to MID key and PID 
key to encrypt clear text and to decrypt encoded text [see column 5 lines 60-66], Pond 
also discloses the encrypted sensitive files stored in the data storage medium (i.e. hard 
disk, a non-protected storage device) is protected even if it is physically stolen [see 
column 4 line 67-column 5 line 3]. 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to protect the cookie (i.e. authentication information, user ID and 
password) using the MID key and PID key (i.e. an encryption key pair) stored in a secure 
portion of the PC's memory disclosed by Pond to substitute the master password key 
disclosed in Nielsen. 

One of ordinary skill in the art would have been motivated to store such valuable 
information (i.e. encryption/decryption keys) in the secure memory of the PC in order to 
prevent lost/misplace of master password by the user. 

The combination of Nielsen and Pond does not expressly disclose to use public- 
key cryptography (the encrypt key called public key is different from the decryption key 
which is called private key) to encrypt/decrypt the sensitive files (i.e. cookie). 
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Schneier discloses that the public-key cryptography and symmetric cryptography 
are two different sorts of algorithms. Schneier discloses the public-key algorithm has 
significant security benefits and could be limited to exchanging key for conventional 
symmetric cryptography system, see page 216. 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to use public-key cryptography (two different keys) instead of 
symmetrical cryptography (one key) to protect the cookie (i.e. authentication 
information) because the particular encryption scheme and accompanying decryption 
scheme used are the same disclosed by Nielsen [see column 4 lines 9-25]. 

As per claims 12-14, Pond discloses the key is a bit pattem, which is used in the 
encryption process and which is stored in the secure portion of the PC's memory, see 
column 5 lines 35-43. 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to protect the cookie (i.e. authentication information, user ID and 
password) using the MID key and PID key (i.e. encryption key pair) stored in a secure 
portion of the PC's memory disclosed by Pond to substitute the master password key 
disclosed in Nielsen. 

One of ordinary skill in the art would have been motivated to store such valuable 
information (i.e. encryption/decryption keys) in the secure memory of the PC in order to 
prevent the situation that the user does not remember the master password. 
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The examiner asserts that this disclosure clearly suggests the key streams in the 
secure memory of PC only can be accessed by data ciphering processor (i.e. encryption 
engine), see column 5 lines 4-59. 

As per claim 15-16, Nielsen discloses the browser program will generally respond 
to an authentication request by decrypting the password and user ID (i.e. cookie) and 
forwarding them to that remote site (i.e. a remote server, see column 2 lines 12-27 and 
column 4 lines 49-56). 

As per claims 1-7, the claimed steps corresponds to the functions of the elements 
of the apparatus claims 10-16, which has been rejected above, and thus rejected with the 
same reason applied thereto. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chi-Chung E Lee whose telephone number is 703-306-4153. 
The examiner can normally be reached on 8 am - 5 pm, Mon. - Fri.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone numbers for the 
organization where this application or proceeding is assigned are 703-746-7239 for regular 
communications and 703-746-7238 for After Final communications. 



Conclusion 
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Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone niunber is 703-305-3900. 
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